Author Name
H. Carvey
Artifact Name
NetworkList
Artifact/Program Version
RegRipper w/ networklist.pl plugin v.20090812
Description
Vista and Windows 7 maintain a Registry key named
“NetworkList”:
HKLM\Microsoft\Windows NT\CurrentVersion\NetworkList
This key appears to contain profiles regarding managed and
unmanaged networks, including wireless networks that the system has
connected to, including SSID, the date the profile was created, the
date last connected, the MAC address of the WAP, etc. This MAC can be
looked up in the SkyHook database, and possibly converted to a Google
Map.
Registry Keys
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList (Updated 6/3- Thanks to Troy)
File Locations
Software Hive
Forensic Programs of Use
RegRipper w/ networklist.pl plugin
轉自 http://forensicartifacts.com/2011/06/networklist-vistawindows-7/
H. Carvey
Artifact Name
NetworkList
Artifact/Program Version
RegRipper w/ networklist.pl plugin v.20090812
Description
Vista and Windows 7 maintain a Registry key named
“NetworkList”:
HKLM\Microsoft\Windows NT\CurrentVersion\NetworkList
This key appears to contain profiles regarding managed and
unmanaged networks, including wireless networks that the system has
connected to, including SSID, the date the profile was created, the
date last connected, the MAC address of the WAP, etc. This MAC can be
looked up in the SkyHook database, and possibly converted to a Google
Map.
Registry Keys
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList (Updated 6/3- Thanks to Troy)
File Locations
Software Hive
Forensic Programs of Use
RegRipper w/ networklist.pl plugin
轉自 http://forensicartifacts.com/2011/06/networklist-vistawindows-7/
發表文章
0 意見: